com.caucho.security
Class PasswordDigest

java.lang.Object
  extended by com.caucho.security.PasswordDigest
Direct Known Subclasses:
PasswordDigest

public class PasswordDigest
extends java.lang.Object

Calculates a digest for the user and password.

If the realm is missing, the digest will calculate:

 MD5(user + ':' + password)
 

If the realm is specified, the digest will calculate:

 MD5(user + ':' + realm + ':' + password)
 

The second version matches the way HTTP digest authentication is handled, so it is the preferred method for storing passwords.

The returned result is the base64 encoding of the digest.


Constructor Summary
PasswordDigest()
           
 
Method Summary
protected static void addDigestUTF8(java.security.MessageDigest digest, char ch)
          Adds the string to the digest using a UTF8 encoding.
protected static void addDigestUTF8(java.security.MessageDigest digest, char[] string)
          Adds the string to the digest using a UTF8 encoding.
protected static void addDigestUTF8(java.security.MessageDigest digest, java.lang.String string)
          Adds the string to the digest using a UTF8 encoding.
 void addText(java.lang.String value)
          Sets the algorithm for bean-style init.
protected static char[] digestToBase64(byte[] digest, int len)
           
protected  char[] digestToCharArray(byte[] digest, int len)
          Convert the digest byte array to a string.
protected static char[] digestToHex(byte[] digest, int len)
           
protected  java.lang.String digestToString(byte[] digest, int len)
          Convert the digest byte array to a string.
 java.lang.String getAlgorithm()
          Returns the message digest algorithm.
 java.lang.String getFormat()
          Returns the message digest format (base64 or hex).
 java.lang.String getPasswordDigest(java.lang.String password)
          Returns the digest of the password
 char[] getPasswordDigest(java.lang.String user, char[] password)
          Returns the digest of the user/password
 char[] getPasswordDigest(java.lang.String user, char[] password, java.lang.String realm)
          Returns the digest of the user/password
 java.lang.String getPasswordDigest(java.lang.String user, java.lang.String password)
          Returns the digest of the user/password
 java.lang.String getPasswordDigest(java.lang.String user, java.lang.String password, HttpServletRequest request)
          Returns the digest of the user/password
 java.lang.String getPasswordDigest(java.lang.String user, java.lang.String password, java.lang.String realm)
          Returns the digest of the user/password
 java.lang.String getPasswordDigest(java.lang.String user, java.lang.String password, java.lang.String realm, HttpServletRequest request)
          Returns the digest of the user/password
 java.lang.String getRealm()
          Returns the message digest default realm.
 java.lang.String getType()
           
 void init()
          Initialize the digest.
 void setAlgorithm(java.lang.String algorithm)
          Returns the message digest algorithm.
 void setFormat(java.lang.String format)
          Set the message digest format (base64 or hex).
 void setRealm(java.lang.String realm)
          Set the message digest default realm
 byte[] stringToDigest(char[] s)
          Convert the string to a digest byte array.
 byte[] stringToDigest(java.lang.String s)
          Convert the string to a digest byte array.
 java.lang.String toString()
           
protected  void updateDigest(java.security.MessageDigest digest, java.lang.String user, char[] password, java.lang.String realm)
          Updates the digest based on the user:realm:password
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

PasswordDigest

public PasswordDigest()
Method Detail

setAlgorithm

public void setAlgorithm(java.lang.String algorithm)
Returns the message digest algorithm.


getAlgorithm

public java.lang.String getAlgorithm()
Returns the message digest algorithm.


setFormat

public void setFormat(java.lang.String format)
Set the message digest format (base64 or hex).


getFormat

public java.lang.String getFormat()
Returns the message digest format (base64 or hex).


setRealm

public void setRealm(java.lang.String realm)
Set the message digest default realm


getRealm

public java.lang.String getRealm()
Returns the message digest default realm.


getType

public java.lang.String getType()

addText

public void addText(java.lang.String value)
             throws ConfigException
Sets the algorithm for bean-style init.

Throws:
ConfigException

init

@PostConstruct
public void init()
Initialize the digest.


getPasswordDigest

public java.lang.String getPasswordDigest(java.lang.String password)
                                   throws ServletException
Returns the digest of the password

Throws:
ServletException

getPasswordDigest

public java.lang.String getPasswordDigest(java.lang.String user,
                                          java.lang.String password)
Returns the digest of the user/password


getPasswordDigest

public java.lang.String getPasswordDigest(java.lang.String user,
                                          java.lang.String password,
                                          java.lang.String realm)
Returns the digest of the user/password


getPasswordDigest

public java.lang.String getPasswordDigest(java.lang.String user,
                                          java.lang.String password,
                                          HttpServletRequest request)
Returns the digest of the user/password

The default implementation returns the digest of user:password or user:realm:password if a default realm has been configured.

Parameters:
request - the http request
response - the http response
app - the servlet context
user - the user name
password - the cleartext password

getPasswordDigest

public java.lang.String getPasswordDigest(java.lang.String user,
                                          java.lang.String password,
                                          java.lang.String realm,
                                          HttpServletRequest request)
Returns the digest of the user/password

The default implementation returns the digest of user:realm:password. If the realm is null, it will use user:password.

Parameters:
request - the http request
user - the user name
password - the cleartext password
realm - the security realm

getPasswordDigest

public char[] getPasswordDigest(java.lang.String user,
                                char[] password)
Returns the digest of the user/password

The default implementation returns the digest of user:realm:password. If the realm is null, it will use user:password.

Parameters:
user - the user name
password - the cleartext password
realm - the security realm

getPasswordDigest

public char[] getPasswordDigest(java.lang.String user,
                                char[] password,
                                java.lang.String realm)
Returns the digest of the user/password

The default implementation returns the digest of user:realm:password. If the realm is null, it will use user:password.

Parameters:
user - the user name
password - the cleartext password
realm - the security realm

updateDigest

protected void updateDigest(java.security.MessageDigest digest,
                            java.lang.String user,
                            char[] password,
                            java.lang.String realm)
Updates the digest based on the user:realm:password


addDigestUTF8

protected static void addDigestUTF8(java.security.MessageDigest digest,
                                    java.lang.String string)
Adds the string to the digest using a UTF8 encoding.


addDigestUTF8

protected static void addDigestUTF8(java.security.MessageDigest digest,
                                    char[] string)
Adds the string to the digest using a UTF8 encoding.


addDigestUTF8

protected static void addDigestUTF8(java.security.MessageDigest digest,
                                    char ch)
Adds the string to the digest using a UTF8 encoding.


stringToDigest

public byte[] stringToDigest(java.lang.String s)
Convert the string to a digest byte array.


stringToDigest

public byte[] stringToDigest(char[] s)
Convert the string to a digest byte array.


digestToString

protected java.lang.String digestToString(byte[] digest,
                                          int len)
Convert the digest byte array to a string.


digestToCharArray

protected char[] digestToCharArray(byte[] digest,
                                   int len)
Convert the digest byte array to a string.


digestToBase64

protected static char[] digestToBase64(byte[] digest,
                                       int len)

digestToHex

protected static char[] digestToHex(byte[] digest,
                                    int len)

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object